Merge pull request #1952 from truenas/TC-2.3.3

TrueCommand 2.3.3 Documentation

content/Solutions/Integrations/SMBClustering.md

@@ -34,11 +34,12 @@ Configuring the cluster feature is a multi-step process that spans multiple syst
 
 ## Creating the Cluster
 
-When the SCALE, AD, and TrueCommand environments are ready, log in to TrueCommand to cluster the SCALE systems.
+When the SCALE, AD, and TrueCommand environments are ready, log into TrueCommand to configure the cluster of SCALE systems.
 
-Click the <span class="iconify" data-icon="mdi:server-network"></span> **Clusters** icon in the upper left. Click **CREATE CLUSTER** to see the cluster creation options.
+Click the <span class="iconify" data-icon="mdi:server-network"></span> **Clusters** icon in the upper left. 
+Click **CREATE CLUSTER** to see the cluster creation options.
 
-![CreateClusterSystemsNetwork](/images/TrueCommand/2.2/CreateClusterSystemsNetwork.png "Network Options for Clustered Systems")
+{{< trueimage src="/images/TrueCommand/2.2/CreateClusterSystemsNetwork.png" alt="Network Options for Clustered Systems" id="5 Network Options for Clustered Systems" >}}
 
 1. Enter a unique name for the cluster, and then select the systems to include from the dropdown list. A list of SCALE systems displays.
 
@@ -55,7 +56,7 @@ After creating the cluster, TrueCommand opens another sidebar to configure it fo
 ### Assigning the Virtual IPs (VIPs)
 For each system:
 
-![ConfigureClusterSMBNetwork](/images/TrueCommand/2.3.1/ConfigureClusterSMBNetwork.png "Configure Cluster SMB Network")
+{{< trueimage src="/images/TrueCommand/2.3.1/ConfigureClusterSMBNetwork.png" alt="Configure Cluster SMB Network" id="6 Configure Cluster SMB Network" >}}
 
 1. Choose the IP address related to the primary subnet (typically the IP address you use to connect the SCALE system to TrueCommand).
 
@@ -64,7 +65,7 @@ For each system:
 ### Assigning the Associate VIPs
 For each system:
 
-![ConfigureClusterAssociateVIPs](/images/TrueCommand/2.3.1/ConfigureClusterAssociateVIPs.png "Configure Associate VIPs")
+{{< trueimage src="/images/TrueCommand/2.3.1/ConfigureClusterAssociateVIPs.png" alt="Configure Associate VIP" id="7 Configure Associate VIPs" >}}
 
 1. Select the interfaces to associate with the VIPs. You should select the interface configured for the SCALE system IP address.
 
@@ -73,7 +74,7 @@ For each system:
 ### Entering Active Directory Credentials
 Enter user for Active Directory for the cluster:
 
-![ConfigureClusterActiveDirectory](/images/TrueCommand/2.3.1/ConfigureClusterActiveDirectory.png "Configure Cluster Active Directory Connection")
+{{< trueimage src="/images/TrueCommand/2.3.1/ConfigureClusterActiveDirectory.png" alt="Configure Cluster Active Directory Connection" id="8 Configure Cluster Active Directory Connection" >}}
 
 1. Enter the Microsoft Active Directory credentials.
 
@@ -84,7 +85,7 @@ Enter user for Active Directory for the cluster:
 SMB service does not start if the cluster systems (nodes) are incorrectly configured!
 {{< /hint >}}
 
-![ConfigureClusterReview](/images/TrueCommand/2.3.1/ConfigureClusterReview.png "Configure Cluster: Review and confirm")
+{{< trueimage src="/images/TrueCommand/2.3.1/ConfigureClusterReview.png" alt="Configure Cluster: Review and confirm" id="9 Configure Cluster: Review and confirm" >}}
 
 1. Verify the connection details are correct.
 
@@ -100,7 +101,7 @@ The command returns the list of SCALE IP addresses and current connection status
 
 1. In the TrueCommand **Clusters** screen, find the cluster to use and click **CREATE VOLUME**.
 
- ![ClustersCreateVolumeDetails](/images/TrueCommand/2.2/ClustersCreateVolumeDetails.png "Add Cluster Volume: Details")
+ {{< trueimage src="/images/TrueCommand/2.2/ClustersCreateVolumeDetails.png" alt="Add Cluster Volume: Details" id="10 Add Cluster Volume: Details" >}}
 
 2. Enter a unique name for the cluster and select a **Type**.
 
@@ -129,7 +130,7 @@ To verify the volume created, go to the **Shell** and enter `gluster volume info
 To share a cluster volume, go to the TrueCommand **Clusters** screen, finding the cluster card, and click on the desired cluster volume.
 Click **CREATE SHARE**.
 
-![ClustersClusterVolumeExpandedCreateShare](/images/TrueCommand/2.2/ClustersClusterVolumeExpandedCreateShare.png "Add Cluster Share")
+{{< trueimage src="/images/TrueCommand/2.2/ClustersClusterVolumeExpandedCreateShare.png" alt="Add Cluster Share" id="11 Add Cluster Share" >}}
 
 1. Enter a unique name for the share.
 
@@ -155,7 +156,7 @@ There are several ways to access an SMB share, but this article demonstrates usi
 
 1. Connected to the same network as the clustering environment, open **File Explorer**.
 
- ![WindowsFileExplorereAccessClusterShare](/images/TrueCommand/2.2/WindowsFileExplorereAccessClusterShare.png "Cluster Volume Share Options")
+ {{< trueimage src="/images/TrueCommand/2.2/WindowsFileExplorereAccessClusterShare.png" alt="Cluster Volume Share Options" id="12 Cluster Volume Share Options" >}}
 
 2. Clear the contents and enter `\\` followed by the IP address or host name of one of the clustered SCALE systems in the **Navigation** bar. 
  Press <kbd>Enter</kbd>.

content/TrueCommand/Administration/Admin/SAML/ConfigIDPSAMLSSO.md

@@ -0,0 +1,57 @@
+---
+title: "Configuring IDP SAML as SSO for TrueCommand SAML Service"
+description: "Provides information on setting up an identity provider (IDP) SAML provider as SSO for TrueCommand SAML service."
+weight: 40
+aliases:
+tags:
+- tcsaml
+---
+
+{{< toc >}}
+
+TrueCommand allows identity provider (IDP) SAML single sign-on (SSO) configuration as of release 2.3.3.
+With IDP-SAML SSO you can configure a provider such as Okta, AuthO, OneLogin, or Google to provide TrueCommand SSO through the IDP SAML service dashboard instead of using the TrueCommand SAML sign-in option. 
+
+Security Assertion Markup Language (SAML) is an SSO standard for logging users into applications that require authentication credentials (like GitHub, G-Mail, etc.). 
+SSO works by transferring a known identity for a user to another location that provides services to the user. 
+SAML accomplishes the transfer by exchanging digitally-signed XML documents. 
+
+A SAML configuration requires an Identity Provider (IDP) and Service Provider (SP). When the IDP-SAML service provides the SSO, TrueCommand becomes the service provider. 
+
+IDP-SAML provider configuration settings and attributes can differ. 
+This article provides general instructions, settings, and attributes for configuring an IDP-SAML SSO for TrueCommand as a cloud service provider. 
+
+{{< hint type=note >}}
+TrueCommand IDP SAML does not support groups at this time.
+{{< /hint >}}
+
+## TrueCommand Requirements
+
+TrueCommand requires configuring the [general settings](#general-settings) and a set of [attributes](#mapping-attributes).
+
+### General Settings
+
+Set support to PERSISTENT.
+
+Download the IDP SAML metadata.
+
+Download or copy/paste the single sign-in URL (https://)
+
+Enter attributes as shown in the table below, with the underscore (*attribute_name*) if indicated.
+
+For IDP SAML SSO, TrueCommand does not require the certificates from the IDP provider.
+
+### Mapping Attributes
+Define these attributes in the IDP SAML service provider:
+
+{{< truetable >}}
+| Attribute | Value |
+|-----------|-------|
+| Username | unique_name |
+| Full Name | given_name or display_name |
+| Email | mail or email |
+| Title | title |
+| Phone Number | telephone_number |
+{{< /truetable >}}
+
+{{< taglist tag="tcsaml" limit="10" title="Related SAML Articles" >}}

content/TrueCommand/Administration/Admin/SAMLAD.md → content/TrueCommand/Administration/Admin/SAML/SAMLAD.md

@@ -1,9 +1,11 @@
 ---
 title: "Configuring TrueCommand SAML Service for Active Directory"
 description: "Provides detailed instructions on setting up SAML service in TrueCommand and Active Directory."
-weight: 45
+weight: 20
+aliases:
+ - /truecommand/administration/admin/samlad/
 tags:
- - tcsaml
+- tcsaml
 ---
 
 {{< toc >}}
@@ -217,4 +219,4 @@ This process is described in the next section.
 
 Go to the TrueCommand login page and click the **SAML Login** option to log in. Enter your Active Directory user login credentials (for example, *username*@ds.*yourcompany*.net).
 
-{{< taglist tag="tcsaml" limit="10" >}}
+{{< taglist tag="tcsaml" limit="10" title="Related SAML Articles" >}}

content/TrueCommand/Administration/Admin/SAMLGA.md → content/TrueCommand/Administration/Admin/SAML/SAMLGA.md

@@ -1,9 +1,11 @@
 ---
 title: "Configuring TrueCommand SAML Service for Google Admin"
 description: "Provides detailed instructions on setting up SAML service in TrueCommand and Google Admin."
-weight: 40
+weight: 30
+aliases:
+ - /truecommand/administration/admin/samlga/
 tags:
- - tcsaml
+- tcsaml
 ---
 
 {{< toc >}}
@@ -32,15 +34,15 @@ After you configure SAML in Google Admin, you configure and start the TrueComman
 
 1. Open Google Admin and go to **Apps > Web and mobile apps**.
 
- ![GASelectWebandMobileApps](/images/SAML/GASelectWebandMobileApps.jpg "GA Select Web and Mobile Apps")
+ {{< trueimage src="/images/SAML/GASelectWebandMobileApps.png" alt="GA Select Web and Mobile Apps" id="1: GA Select Web and Mobile Apps" >}}
 
 2. Click **Add App**, then select **Add custom SAML app** to open the **App details** screen.
 
- ![GAClickAddApp](/images/SAML/GAClickAddApp.jpg "GAClickAddApp")
+ {{< trueimage src="/images/SAML/GAClickAddApp.png" alt="GA Click Add App" id="2: GA Click Add App" >}}
 
 3. Configure the SAML app details. 
 
- ![GAAddCustomSAMLAppDetailsCropped](/images/SAML/GAAddCustomSAMLAppDetailsCropped.jpg "GA Add Custom SAML App Details Cropped")
+ {{< trueimage src="/images/SAML/GAAddCustomSAMLAppDetailsCropped.png" alt="GA Add Custom SAML App Details Cropped" id="3: GA Add Custom SAML App Details Cropped" >}}
 
  a. Type any name you want to use in the **App Name** field. This example uses *tcsaml*.
 
@@ -52,7 +54,7 @@ After you configure SAML in Google Admin, you configure and start the TrueComman
 
 4. Configure the service provider details. 
 
- ![GAAddCustomSAMLAppAddServiceProviderDetailsCropped](/images/SAML/GAAddCustomSAMLAppAddServiceProviderDetailsCropped.jpg "GA Add Custom SAML App Add Service Provider Details Cropped")
+ {{< trueimage src="/images/SAML/GAAddServiceProviderDetailsCropped.png" alt="GA Add Service Provider Details Cropped" id="4: GA Add Service Provider Details Cropped" >}}
 
  a. Enter the TrueCommand login URL http://*IP:PORT*/saml/acs in the **ACS Url** field. 
  *IP:PORT* is your TrueCommand system IP and port address.
@@ -64,13 +66,13 @@ After you configure SAML in Google Admin, you configure and start the TrueComman
 
  d. Set **Name ID** format to **PERSISTENT**.
 
-  ![GAAddCustomSAMLAppDetailsAddedCropped](/images/SAML/GAAddCustomSAMLAppDetailsAddedCropped.jpg "GA Add Custom SAML App Details Added Cropped")
+ {{< trueimage src="/images/SAML/GAAddCustomSAMLAppDetailsAddedCropped.png" alt="GA Add Custom SAML App Details Added Cropped" id="5: GA Add Custom SAML App Details Added Cropped" >}}
 
  e. Set **Name ID** to **Basic Information > Primary Email**.
 
  f. Click **CONTINUE** to view the **Attribute Mapping** screen.
 
-  ![GAAddCustomSAMLAppAttributeMappingCropped](/images/SAML/GAAddCustomSAMLAppAttributeMappingCropped.jpg "GAA dd Custom SAML App Attribute Mapping Cropped")
+ {{< trueimage src="/images/SAML/GAAddCustomSAMLAppAttributeMappingCropped.png" alt="GA App Attribute Mapping Cropped" id="6: GA App Attribute Mapping Cropped" >}}
 
  g. Enter the **Attributes**. 
  Select the attribute using the **Google Directory attributes** dropdown menus, then type the attributes exactly as they are in the table below into the **App attributes** fields:
@@ -90,27 +92,25 @@ After you configure SAML in Google Admin, you configure and start the TrueComman
 5. Verify the information is correct. 
  Select **TEST SAML LOGIN** in the **tcsaml** area on the left side of the screen to open the **TrueCommand SAML Test** screen.
 
- ![GAAddCustomSAMLAppTrueCommandSAMLTestCropped](/images/SAML/GAAddCustomSAMLAppTrueCommandSAMLTestCropped.jpg "GA Add Custom SAML App TrueCommand SAML Test Cropped")
+ {{< trueimage src="/images/SAML/GAAddCustomSAMLAppTrueCommandSAMLTestCropped.png" alt="GA Add Custom SAML App TrueCommand SAML Test Cropped" id="7: GA Add Custom SAML App TrueCommand SAML Test Cropped" >}}
 
 6. Download the metadata.
 
- ![GASAMLAppDownloadMetadataCropped](/images/SAML/GASAMLAppDownloadMetadataCropped.jpg "GA SAML App Download Metadata Cropped")
+ {{< trueimage src="/images/SAML/GAAddCustomSAMLAppDownloadMetaDataWindowCropped.png" alt="GA SAML App Download Metadata Cropped" id="8: GA SAML App Download Metadata Cropped" >}}
 
  a. Select **DOWNLOAD METADATA** to open the **Download Metadata** window. 
 
  b. Click **DOWNLOAD METADATA** again. When complete, click **CLOSE**.
 
- ![GAAddCustomSAMLAppDownloadMetaDataWindowCropped](/images/SAML/GAAddCustomSAMLAppDownloadMetaDataWindowCropped.jpg "GA Add Custom SAML App Download MetaData Window Cropped")
-
 7. Verify user access details. 
 
  a. Click **View Details** under **User access** to display the **Service status** details.
 
-  ![GASAMLAppClickViewDetailsCropped](/images/SAML/GASAMLAppClickViewDetailsCropped.jpg "GA SAML App Click View Details Cropped")
+ {{< trueimage src="/images/SAML/GASAMLAppClickViewDetailsCropped.png" alt="GA SAML App Click View Details Cropped" id="9: GA SAML App Click View Details Cropped" >}}
 
  b. Select **ON for everyone** and click **SAVE**.
 
-  ![GASAMLAppSetServiceStatusOnForEveryoneCropped](/images/SAML/GASAMLAppSetServiceStatusOnForEveryoneCropped.jpg "GA SAML App Set Service Status On For Everyone Cropped")
+ {{< trueimage src="/images/SAML/GASAMLAppSetServiceStatusOnForEveryoneCropped.png" alt="GA SAML App Set Service Status On For Everyone Cropped" id="10: GA SAML App Set Service Status On For Everyone Cropped" >}}
 
  If you want granular user control, use this area to set it.
 
@@ -132,4 +132,4 @@ After you configure SAML in Google Admin, you configure and start the TrueComman
 
 7. Login now using the **SAML Login** option.
 
-{{< taglist tag="tcsaml" limit="10" >}}
+{{< taglist tag="tcsaml" limit="10" title="Related SAML Articles" >}}

content/TrueCommand/Administration/Admin/SAML/_index.md

@@ -0,0 +1,16 @@
+---
+title: "SAML Tutorials"
+description: "Provides SAML tutorials for TrueCommand SAML configurations."
+weight: 10
+geekdocCollapseSection: true
+---
+
+Security Assertion Markup Language (SAML) is a single sign-on (SSO) standard for logging users into applications that require authentication credentials (like GitHub, G-Mail, etc.).
+SSO works by transferring a known identity for a user to another location that provides services to the user.
+ SAML accomplishes the transfer by exchanging digitally-signed XML documents.
+
+These tutorials provide general and service specific configuration instructions to set a provider such as Okta, AuthO, OneLogin, or Google to provide TrueCommand SSO through the IDP SAML service dashboard instead of using the TrueCommand SAML sign-in option.
+
+## Article Summaries
+
+{{< children depth="2" description="true" >}}